On Tue, May 18, 2010 at 07:34:45PM +0200, Pierre Ossman wrote: > On Mon, 17 May 2010 16:49:47 -0400 > "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote: > > > On Sat, May 15, 2010 at 03:31:04PM +0200, Pierre Ossman wrote: > > > I'd like to export the filesystem /exports as ro, but the > > > subdir /exports/dump as rw. I can't seem to get it to work though, so > > > before I start digging deeper I figured I might ask if this is even > > > possible? :) > > > > If the "dump" subdirectory is a subdirectory of the same filesystem (not > > a mountpoint), and if you're using NFSv4 (or v2/v3 with crossmnt), the > > client will continue to use the export options on the parent directory. > > > > Hmm... client? Can't say I'm intimate with the NFS protocol, but access > permissions like this seems like a server decision. Yes, apologies for the imprecise language. > > Also, note that it's relatively easy for someone with access to the > > network to treat all of /exports as rw. > > Even with subtree check? If you turn on subtree_check, you're safe. (That can cause other problems, though, due to filehandles changing on cross-directory rename.) --b. > > In general, export points that aren't mountpoints are not usually a good > > idea. > > Fair enough. I'll have to figure something else out. > > Thanks > -- > -- Pierre Ossman > > WARNING: This correspondence is being monitored by FRA, a > Swedish intelligence agency. Make sure your server uses > encryption for SMTP traffic and consider using PGP for > end-to-end encryption. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
